Transport layer connection

ABSTRACT

A system identifies a network socket on a machine by assigning a non-IP address socket anchor and a port number to the network socket. A socket anchor may comprise a globally unique number. In some embodiments, a socket anchor comprises a number having a preselected number of bits. The number having the preselected number of bits may comprise a selected number associated with the machine concatenated with a number of randomly generated bits. The number of bits of the selected number plus the number of randomly generated bits is equal to the preselected number of bits. In some embodiments, the selected number associated with the machine is a Media Access Control (MAC) address of a network interface associated with the machine.

BACKGROUND

The present invention relates generally to the field of datacommunication, and more particularly to methods, systems, and computerprogram products for establishing transport layer connectionsindependent of Internet Protocol (IP) addresses.

A current trend in computing is toward virtualization using logicalpartitions (LPARs). An LPAR or virtual machine is the division of acomputer's processors, memory, storage, and input/output into multiplesets of resources so that each set of resources can be operatedindependently with its own operating system instance and applications.As computers become more powerful, partitioning allows multiple virtualsystems to run on one machine, thereby using the computer's resourcesmore efficiently. Recently, virtualization technology has been expandedwith workload partitions (WPARs). WPAR technology allows administratorsto virtualize operating systems, which allows for fewer operating systemimages on a partitioned server.

A process known as live partition mobility allows LPARs and WPARs, andtheir hosted applications, to be moved from one physical system toanother without disrupting infrastructure services. The migrationtransfers the entire system environment, including processor states,memory, attached virtual devices, and connected users. Live partitionmobility enables partitions to be moved off servers that are to be shutdown for maintenance or repair without interrupting services to users.Live partition mobility also facilitates load and resource balancingover a system of networked servers.

Networks are typically divided into subnetworks. A subnetwork mayrepresent all the machines at one geographic location, in one building,in the same department, or on the same local area network (LAN). All thecomputers that belong to a subnetwork are addressed with the samemost-significant bit group in their Internet Protocol (IP) address,which is known as a routing prefix or network number.

Transport layer protocols, such as Transmission Control Protocol (TCP)and User Datagram Protocol (UDP), specify a source and destination portnumber in their headers. In a process known as binding, an applicationprocess associates its input or output channel file descriptors, whichare known as sockets, with a port number and an IP address to send andreceive data via a network. The operating system maps a socket to aparticular application process or thread. The operating system forwardspayloads of incoming sockets associated with applications by extractingthe IP address from the IP header and the port number from the transportlayer header.

When a partition is migrated from one subnetwork to another subnetwork,its IP address changes because the routing prefix or network number ofthe partition's IP address must change as the partition is migratedbeyond its original network boundaries. However, the sockets of itsprocesses continue to be identified by its original IP address.Accordingly, incoming cannot be routed properly.

BRIEF SUMMARY

Embodiments of the present invention provide methods, systems, andcomputer program products for enabling network communication betweenmachines. A method according to one embodiment identifies a networksocket on a machine by assigning a non-IP address socket anchor and aport number to the network socket. A socket anchor may comprise aglobally unique number. In some embodiments, a socket anchor comprises anumber having a preselected number of bits. The number having thepreselected number of bits may comprise a selected number associatedwith the machine concatenated with a number of randomly generated bits.The number of bits of the selected number plus the number of randomlygenerated bits is equal to the preselected number of bits. In someembodiments, the selected number associated with the machine is a MediaAccess Control (MAC) address of a network interface associated with themachine.

A transport layer connection between a source machine and a destinationmachine is defined by a tuple comprising {transport protocol, sourcesocket anchor, source port number, destination socket anchor, anddestination port number}. When data is transmitted from the sourcemachine to the destination machine according to embodiments of thepresent invention, the destination machine receives a packet at thetransport layer of the destination machine's protocol stack. The packetincludes a socket anchor and a port number. The transport layer forwardsthe data to the socket of the destination machine identified by thesocket anchor and the port number. In some embodiments, the socketanchor is carried in a transport layer header of the packet. In otherembodiments, the socket anchor is carried as an option in an Internetlayer head of the packet.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The novel features believed characteristic of the invention are setforth in the appended claims. The invention itself, however, as well asa preferred mode of use, further purposes and advantages thereof, willbest be understood by reference to the following detailed description ofan illustrative embodiment when read in conjunction with theaccompanying drawings, where:

FIG. 1 is a block diagram of an embodiment of a system according to thepresent invention;

FIG. 2 is a block diagram of an embodiment host system according to thepresent invention;

FIG. 3 is a block diagram of an embodiment of protocol stack processingaccording to the present invention;

FIG. 4 illustrates data encapsulation through the protocol stack;

FIG. 5 is block diagram of an embodiment a Transmission Control Protocol(TCP) header according to the present invention;

FIG. 6 is a flowchart of Internet Protocol (IP) header according to analternative embodiment of the present invention;

FIG. 7 is a flowchart of an embodiment of socket anchor generationaccording to the present invention;

FIG. 8 is a flowchart of an embodiment of socket creation according tothe present invention.

FIGS. 9A-B comprise a flowchart of an embodiment of inbound packetprocessing according to the present invention; and,

FIG. 10 is a block diagram of a computing device in which features ofthe present invention may be implemented.

DETAILED DESCRIPTION

Referring now to the drawings, and first to FIG. 1, a system isdesignated generally by the numeral 100. System 100 includes a firstnetwork 101 and a second network 103. First network 101 interconnects aplurality of host systems 105. Similarly, second network 103interconnects a plurality of host systems 107. Networks 101 and 103 mayembody any suitable networking technology, such as Ethernet. Networks101 and 103 may each be divided into one or more subnetworks. Firstnetwork 101 is coupled to the Internet 109 though a router 111.Similarly, second network 103 is coupled to Internet 109 through arouter 113.

FIG. 2 is a block diagram of a host system 105. Host system 105 includesvarious hardware resources, indicated generally at 201, an Ethernetadapter 203. Hardware resources 201 include other physical resources,such as processors, memory, and the like.

Host system 105 is a virtualized system in that it includes a pluralityof logical partitions (LPARs) 205. A logical partition is a division ofresources 201 of host system 105 a subset of resources so that eachsubset of resources can be operated independently with its own operatingsystem instance and application or applications. Thus, LPARs 205 eachinclude an operating system image 207. LPARs 205 a and 205 b eachinclude applications 209 running on operating systems 207, respectively.

LPAR 205 includes workload partitions (WPARs) 211. A WPAR is a furtherdivision of the resources 201 of host system 105 into a subset ofresources such that each subset can be operated independently with itsown virtualized operating system image and applications. Inside WPAR211, the application or applications (not shown) have private executionenvironments that are isolated from other processes outside WPAR 211.

Host system 105 includes a hypervisor 213. Hypervisor 213 is a softwarelayer that provides the foundation for virtualization of host system105. Hypervisor 213 enables resources 201 of host system 105 to bedivided among the multiple LPARs 205 and WPARs 211, and it ensuresstrong isolation between them. Hypervisor 213 is responsible fordispatching the LPAR and WPAR workload across the physical processors.Hypervisor 213 also enforces partition security and it can provideinter-partition communication.

Embodiments of the present invention enable end-to-end connectionsacross Internet 109 between application processes running in LPARs 205or WPARs 211. FIG. 3 illustrates the flow of information up and down aprotocol stack 301 running in an LPAR. Protocol stack 301 is typicallyexecutable code and data structures associated with a kernel for anoperating system 207 of an LPAR 205. The code resides in memorylocations associated with the kernel. The data structures are portionsof memory that are used by protocol stack 301 code to retain static anddynamic variables.

The lowest layer of protocol stack 301 is physical layer 303. Physicallayer 303 includes physical media interfaces, such as Ethernet adapter203, that place data packets on, and receive data packets from, physicaltransmission media. Referring to FIG. 4, a data packet on the physicalmedium is a frame 401. Frame 401 includes a frame header 403, whichincludes a source Media Access Control (MAC) address and a destinationMAC address. MAC addresses are 48-bit numbers that uniquely identifyphysical network interfaces, such as Ethernet adapter 203. Frame header403 is followed by frame data 405, which includes payload data plusother protocol headers. Frame 401 ends with a frame footer 407, whichincludes a cyclic redundancy check that is used to detect any corruptionof data in transit. Physical layer 303 passes frames 401 to a link layer305.

Link layer 305 strips frame header 403 and frame footer 407 from framedata 405, which results in an Internet Protocol (IP) packet 409. IPpacket 409 includes an IP header 411 and IP data 413. IP header 411includes a source IP address and a destination IP address, as well asother information, such as time to live, transport layer protocol (e.g.Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)),and header check sum. Link layer passes IP packet 409 to an Internetlayer 307. Internet layer processes the information in IP header 411.Internet layer 307 strips IP header 411 from IP packet 409 to yield aTransmission Control Protocol (TCP) segment 415.

Internet layer 307 passes TCP segment 415 to transport layer 309. TCPsegment 415 includes a TCP header 417 and TCP data 419. TCP header 417will be described in detail hereinafter, but according to the presentinvention, TCP header 417 includes a new option kind called socketanchor. Generally, a socket anchor is a number that forms part of asocket identifier.

The operating system and application create a socket. Generally, asocket is a data structure in the kernel that provides an input andoutput channel for a process. The operating system maps a socket to aparticular application process or thread. Thus, in FIG. 3, a process 311is mapped to a socket 313; a process 315 is mapped to a socket 317; anda process 319 is mapped to a socket 321. Socket 313 is identified by asource socket anchor 323, a source port number 325, a destination socketnumber 327, and a destination port number 329. Socket 317 is identifiedby source socket anchor 323, a source port number 331, a destinationport number 333, and a destination port number 335. Socket 321 isidentified by source socket anchor 323, a source port number 337, adestination socket anchor 339, and a destination port number 341.Transport layer 309 strips TCP header 417 from TCP segment 415 to yielddata 421. Transport layer 309 forwards data 421 to a socket 313, 317, or321 according to source socket anchor 323 and source port number 325,331, or 337.

FIG. 5 illustrates a TCP header 500 according to one embodiment of thepresent invention the present invention. TCP header 500 contains tenmandatory fields and optional options extensions. The ten mandatoryfields are source port 501, destination port 502, sequence number 503,acknowledgement number 504, data offset 505, reserved 506, flags 507,window size 508, checksum 509, and urgent pointer 510. The optionsextensions is a multiple of thirty-two from 0 to 320 bits in length, asdetermined by data offset field 505.

According to embodiments of the present invention, the optionsextensions include socket anchor information. An 8-bit kind field 511identifies the option kind as socket anchor. TCP currently specifiesseveral kind codes. Any unassigned kind code may be used to specifysocket anchor. An 8-bit length field 512 specifies the length of asocket anchor. In some embodiments, the socket anchor is a 128-bitnumber. A 16-bit IP-association field 513 indicates if the socket anchoris source socket anchor or a destination socket anchor. The next field514 contains the 128-bit source socket anchor itself. Following field514 is another kind field 515, which again identifies to option kind assocket anchor. A length field 517 defines the length of the followingsocket anchor. An IP-association field 518 identifies the followingsocket anchor as a destination socket anchor. Finally, a field 519contains the 128-bit destination socket anchor itself.

The options extension of a TCP header may have a maximum of threehundred twenty bits. Since the options extension of the embodiment ofFIG. 5 comprises three hundred twenty bits, there is no room for otheroptions in TCP header 500. In other embodiments, a socket anchor mayhave fewer than one hundred twenty-eight bits in order that other TCPoptions may be included.

In alternative embodiments, socket anchor identifying information may becarried in the Internet layer IP header rather than in the transportlayer TCP header. Referring to FIG. 6, an Internet Protocol version 4(IPv4) header 600 according to an alternative embodiment of the presentinvention is illustrated. IP header 600 has twelve mandatory fields andoptional options extensions. The twelve mandatory fields are version601, header length 620, differentiated services 603, total length 604,identification 605, flags 606, fragment offset 607, time to live 608,protocol 609, header checksum 610, source IP address 611, anddestination IP address 612.

Header length 620 is a 4-bit field that specifies the number of 32-bitwords in header 600. The minimum header length is five, and the maximumheader length is fifteen. Thus, ten 32-bit words are available foroptions extensions. Protocol 609 is an 8-bit field that specifies theprotocol used in the data portion of the IP datagram, which according toembodiments of the present invention may TCP or UDP.

According to embodiments of the present invention, the optionsextensions include socket anchor information. An 8-bit kind field 613identifies the option kind as socket anchor. IP currently specifiesseveral kind codes. Any unassigned kind code may be used to specifysocket anchor. An 8-bit length field 614 specifies the length of asocket anchor. A 16-bit IP-association field 615 indicates if the socketanchor is source socket anchor or a destination socket anchor. The nextfield 616 contains the 128-bit source socket anchor itself. Followingfield 616 is another kind field 617, which again identifies to optionkind as socket anchor. A length field 618 defines the length of thefollowing socket anchor. An IP-association field 619 identifies thefollowing socket anchor as a destination socket anchor. Finally, a field620 contains the 128-bit destination socket anchor itself.

IPv4 specifies an end of options list (EOL) option, which marks the endof the options. However, the EOL is required only when the end of theoptions list does not coincide with the end of the header. Since, in theembodiment FIG. 6, the options comprise three hundred twenty bits, noEOL is required. In other embodiments, a socket anchor may have fewerthan one hundred twenty-eight bits in order that other IP options may beincluded.

FIG. 8 is a flowchart of an embodiment of a process for generating asocket anchor according to the present invention. A socket anchor ispreferably a globally unique number. In one embodiment, a socketidentifier is a 128-bit number. Embodiments generate a socket anchor byconcatenating a globally unique number, such as a hardware or softwarepart or license number of a component of the machine associated with thesocket, with enough randomly generated bits to make a 128-bit number. Inthe example of FIG. 8, the process obtains the 48-bit MAC address ofEthernet adapter 203, as indicated at block 801. Then the processgenerates an 80-bit random number, as indicated at block 803. Finally,the process concatenates the MAC address with the random number, asindicated at block 805.

FIG. 8 is a flowchart of an embodiment of a socket identificationprocess according to the present invention. The process fetches thesource socket anchor at block 801. The process fetches the source portnumber at block 803. The process fetches a destination socket anchor atblock 805. The process fetches the destination port number at block 807.Then the process creates the socket with the source socket anchor, thesource port number, the destination socket anchor, and the destinationport number at block 809.

FIGS. 9A-B comprise a flowchart of an embodiment of transport layerprocessing according to the present invention. The transport layerreceives a TCP segment from the Internet layer, as indicated at block901. The transport layer parses the TCP header, as indicated at block903. The transport layer determines, at decision block 904, if thetransport layer protocol is TCP. If the transport layer protocol is TCP,processing proceeds to FIG. 9B. If, as determined at decision block 904,the transport layer protocol is not TCP, the transport layer determines,at decision block 905, if the transport layer protocol is UDP. If not,the transport layer performs other processing, as indicted at block 907.If the transport layer protocol is UDP, the transport layer determines,at decision block 911, if there are socket anchors in the IP header. Ifnot, the transport layer forwards the segment data to the UDP socketidentified by the source and destination IP addresses of the IP header,and the source and destination port numbers of the UDP header, asindicated at block 913. If there are socket anchors in the IP header,the transport layer forwards the segment data to the UDP socketidentified by the source and destination socket anchors of the IPheader, and the source and destination port numbers of the UDP header,as indicated at block 915.

Returning to decision block 904, if the transport layer protocol is TCP,processing proceeds to FIG. 9B. Referring to FIG. 9B, the transportlayer determines, at decision block 917, if there are options in the TCPheader. If not, the transport layer determines, at decision block 919,if there are socket anchors in the IP header. If not, the transportlayer forwards the segment data to the TCP socket identified by thesource and destination IP addresses of the IP header, and the source anddestination port numbers of the TCP header, as indicated at block 921.

Returning to decision block 917, if there are options in the TCP header,the transport layer determines, at decision block 923, if the optionkind is socket anchor. If not, processing proceeds to decision block919. If the option kind is anchor socket, the transport layer forwardsthe segment data to the TCP socket identified by the source anddestination socket anchors and the source and destination port numbersof the TCP header, as indicated at block 925.

A machine can generate one to few socket anchors in the same way that amachine may have one to few IP addresses. A socket anchor identifies asocket on a machine and not any particular interface of the machine.Accordingly, a socket anchor has no address function. A socket anchor isnot used to route packets; it is a unique number that is used as socketidentifier. Socket anchors are used in a socket tuple as unique numbersrepresenting the source and destination ends of a socket connection.Machines on each end of a socket connection generate socket anchors.While strict global uniqueness is desired, it is not mandatory. Amachine can use a particular socket anchor permanently, or it maygenerate new socket anchors periodically. A machine can generate asocket anchor using any globally unique hardware or software part orserial number (e.g. adapter, disks, or cpu serial numbers, or softwarelicense numbers) that is associated with the machine.

FIG. 10 is a block diagram of a data processing system that may beimplemented as a host system, such as host system 105 in FIG. 1. Dataprocessing system 1000 may be a symmetric multiprocessor (SMP) systemincluding a plurality of processors 1002 and 1004 connected to systembus 1006. Alternatively, a single processor system may be employed. Alsoconnected to system bus 1006 is memory controller/cache 1008, whichprovides an interface to local memory 1009. I/O bus bridge 1010 isconnected to system bus 1006 and provides an interface to I/O bus 1012.Memory controller/cache 1008 and I/O bus bridge 1010 may be integratedas depicted.

Peripheral component interconnect (PCI) bus bridge 1014 connected to I/Obus 1012 provides an interface to PCI local bus 1016. A number of modemsmay be connected to PCI local bus 1016. Typical PCI bus implementationswill support four PCI expansion slots or add-in connectors.Communications links to networks 101 or 103 in FIG. 1 may be providedthrough modem 1018 and network adapter 1020 connected to PCI local bus1016 through add-in boards. Additional PCI bus bridges 1022 and 1024provide interfaces for additional PCI local buses 1026 and 1028,respectively, from which additional modems or network adapters may besupported. In this manner, data processing system 1000 allowsconnections to multiple network computers. A memory-mapped graphicsadapter 1030 and hard disk 1032 may also be connected to I/O bus 1012 asdepicted, either directly or indirectly.

Those of ordinary skill in the art will appreciate that the hardwaredepicted in FIG. 10 may vary. For example, other peripheral devices,such as optical disk drives and the like, also may be used in additionto or in place of the hardware depicted. The depicted example is notmeant to imply architectural limitations with respect to the presentinvention.

The data processing system depicted in FIG. 10 may be, for example, anIBM® eServer™ pSeries system, a product of International BusinessMachines Corporation in Armonk, N.Y., running the Advanced InteractiveExecutive (AIX™) operating system or LINUX operating system.

As will be appreciated by one skilled in the art, aspects of the presentinvention may be embodied as a system, method or computer programproduct. Accordingly, aspects of the present invention may take the formof an entirely hardware embodiment, an entirely software embodiment(including firmware, resident software, micro-code, etc.) or anembodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium or media having computer readable program code embodied thereon.

Any combination of one or more computer readable medium or media may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

The computer program instructions comprising the program code forcarrying out aspects of the present invention may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the foregoing flowchart and/orblock diagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the foregoing flowchartand/or block diagram block or blocks.

The flowcharts and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “a”, “an”, and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of allmeans or step plus function elements in the claims below are intended toinclude any structure, material, or act for performing the function incombination with other claimed elements as specifically claimed. Thedescription of the present invention has been presented for purposes ofillustration and description, but is not intended to be exhaustive orlimited to the invention in the form disclosed. Many modifications andvariations will be apparent to those of ordinary skill in the artwithout departing from the scope and spirit of the invention. Theembodiment was chosen and described in order to best explain theprinciples of the invention and the practical application, and to enableothers of ordinary skill in the art to understand the invention forvarious embodiments with various modifications as are suited to theparticular use contemplated.

From the foregoing, it will be apparent to those skilled in the art thatsystems and methods according to the present invention are well adaptedto overcome the shortcomings of the prior art. While the presentinvention has been described with reference to presently preferredembodiments, those skilled in the art, given the benefit of theforegoing description, will recognize alternative embodiments.Accordingly, the foregoing description is intended for purposes ofillustration and not of limitation.

1. (canceled)
 2. (canceled)
 3. (canceled)
 4. (canceled)
 5. (canceled) 6.(canceled)
 7. (canceled)
 8. (canceled)
 9. A system, which comprises: amachine; a network interface associated with said machine; a networksocket on said machine, said network socket being identified by a non-IPaddress socket anchor and a port number; a protocol stack running onsaid machine, said protocol stack including a transport layer, saidtransport layer being configured to: receive a packet, said packetincluding data, and said packet including said socket anchor and saidport number; and, forward said data to said network socket.
 10. Thesystem as claimed in claim 9, wherein said socket anchor comprises aglobally unique number.
 11. The system as claimed in claim 9, wherein:said socket anchor comprises a number having a preselected number ofbits.
 12. The system as claimed in claim 11, wherein said number havingsaid preselected number of bits comprises: a selected number associatedwith said machine, said selected number having a number of bits fewerthan said preselected number of bits; and, a number of randomlygenerated bits concatenated with said selected number, wherein thenumber of bits of said selected number plus said number of randomlygenerated bits is equal to said preselected number of bits.
 13. Thesystem as claimed in claim 12, wherein said selected number associatedwith said machine comprises a Media Access Control (MAC) address of saidnetwork interface.
 14. The system as claimed in claim 9, wherein saidpacket includes a transport layer header and said socket anchor and saidport number are carried in said transport layer header.
 15. The systemas claimed in claim 14, wherein said packet comprises a TransmissionControl Protocol (TCP) segment.
 16. The system as claimed in claim 9,wherein said socket anchor is carried as an option in an InternetProtocol (IP) header.
 17. A computer program product in computerreadable storage medium, said computer program product comprising:instructions stored in said computer readable storage medium forreceiving a packet, said packet including data, and said packetincluding a non-IP address socket anchor and a port number; and,instructions stored in said computer readable storage medium forforwarding said data to a socket, said socket being identified by saidsocket anchor and said port number.
 18. The computer program product asclaimed in claim 17, wherein said socket anchor comprises a globallyunique number.
 19. The computer program product as claimed in claim 17,wherein: said destination socket anchor comprises a number having saidpreselected number of bits.
 20. The computer program product as claimedin claim 19, wherein said number having said preselected number of bitscomprises: a selected number associated with a machine, said selectednumber having a number of bits fewer than said preselected number ofbits; and, a number of randomly generated bits concatenated with saidfirst selected number, wherein the number of bits of said selectednumber plus said number of randomly generated bits is equal to saidpreselected number of bits.
 21. The computer program product as claimedin claim 20, wherein said selected number associated with said machinecomprises a Media Access Control (MAC) address of a network interfaceassociated with said machine.
 22. The computer program product asclaimed in claim 17, wherein said packet includes a transport layerheader and said socket anchor and said port number are carried in saidtransport layer header.
 23. The computer program product as claimed inclaim 22, wherein said packet comprises a Transmission Control Protocol(TCP) segment.
 24. The computer program product as claimed in claim 17,wherein said socket anchor is carried as an option in an InternetProtocol (IP) header.
 25. (canceled)
 26. (canceled)
 27. (canceled) 28.(canceled)
 29. (canceled)